My current Ivy configuration fails to resolve because of this error:

problem while downloading module descriptor:
http://repo1.maven.org/maven2/commons-fileupload/commons-fileupload/1.2.2/commons-fileupload-1.2.2.pom:
invalid sha1:
  expected=ad3fda4adc95eb0d061341228cc94845ddb9a6fe
  computed=0ce5d4a03b07c8b00ab60252e5cacdc708a4e6d8

How can I disable (or work around) Ivy's check of the SHA1 checksum?

I think you could tell your resolver to ignore checksums by setting the property to an empty String.

http://ant.apache.org/ivy/history/latest-milestone/settings/resolvers.html

Or you could define it globally by setting the attribute ivy.checksums to "":

From the Documentation (http://ant.apache.org/ivy/history/latest-milestone/concept.html#checksum):

For the moment Ivy supports the md5 and sha1 algorithms.

The configuration of using md5 and/or sha1 can be done globally or by dependency resolver. Globally, use the ivy.checksums variable to list the check to be done (only md5 and sha1 are supported). On each resolver you can use the checksums attribute to override the global setting.

The setting is a comma separated list of checksum algorithms to use. During checking (at download time), the first checksum found is checked, and that's all. This means that if you have a "sha1, md5" setting, then if ivy finds a sha1 file, it will compare the downloaded file sha1 against this sha1, and if the comparison is ok, it will assume the file is ok. If no sha1 file is found, it will look for an md5 file. If none is found no checking is done. During publish, all listed checksum algorithms are computed and uploaded.

By default checksum algorithms are "sha1, md5".

If you want to change this default, you can set the variable ivy.checksums. Hence, to disable checksum validation you just have to set ivy.checksums to "".

I just found this about the checksum issue: Corrupt checksum in Maven Central